I just stumbled across the MIR-ROR (Motile Incident Response– Respond Objectively, Remediate) tool reported over at the ISC Storm Center as reviewed in June's ISSA journal (http://holisticinfosec.org/toolsmith/docs/june2009.pdf). It is a script which was created by a Microsoft IH guru and utilizes the SysInternal utilities.